Documentation
Index
- Variables
- func GetAESPrefixTransformer(config *AESConfig, fn BlockTransformerFunc, prefix string) (value.PrefixTransformer, error)
- func GetPrefixTransformers(config *ResourceConfig) ([]value.PrefixTransformer, error)
- func GetSecretboxPrefixTransformer(config *SecretboxConfig) (value.PrefixTransformer, error)
- func GetTransformerOverrides(filepath string) (map[schema.GroupResource]value.Transformer, error)
- func ParseEncryptionConfiguration(f io.Reader) (map[schema.GroupResource]value.Transformer, error)
- type AESConfig
- type BlockTransformerFunc
- type CloudProvidedKMSConfig
- type CoreKMSConfig
- type EncryptionConfig
- type Factory
- type IdentityConfig
- type KMSConfig
- type KMSPlugins
- type Key
- type PluginEnabledFunc
- type ProviderConfig
- type ResourceConfig
- type SecretboxConfig
Constants
This section is empty.
Variables
var (
	// PluginEnabledFn checks whether a plugin is enabled. By default, if you ask about it, it's enabled.
	PluginEnabledFn = func(name string, config io.Reader) bool { return true }
	// KMSPluginRegistry contains the registered KMS plugins which can be used for configuring
	// encryption providers.
	KMSPluginRegistry = KMSPlugins{}
)
Functions
func GetAESPrefixTransformer
func GetAESPrefixTransformer(config *AESConfig, fn BlockTransformerFunc, prefix string) (value.PrefixTransformer, error)
GetAESPrefixTransformer returns a prefix transformer from the provided configuration. Returns an AES transformer based on the provided prefix and block transformer.
func GetPrefixTransformers
func GetPrefixTransformers(config *ResourceConfig) ([]value.PrefixTransformer, error)
GetPrefixTransformers constructs and returns the appropriate prefix transformers for the passed resource using its configuration.
func GetSecretboxPrefixTransformer
func GetSecretboxPrefixTransformer(config *SecretboxConfig) (value.PrefixTransformer, error)
GetSecretboxPrefixTransformer returns a prefix transformer from the provided configuration.
func GetTransformerOverrides
func GetTransformerOverrides(filepath string) (map[schema.GroupResource]value.Transformer, error)
GetTransformerOverrides returns the transformer overrides by reading and parsing the encryption provider configuration file.
func ParseEncryptionConfiguration
func ParseEncryptionConfiguration(f io.Reader) (map[schema.GroupResource]value.Transformer, error)
ParseEncryptionConfiguration parses configuration data and returns the transformer overrides.
Types
type AESConfig
type AESConfig struct {
	// keys is a list of keys to be used for creating the AES transformer.
	// Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM.
	Keys []Key `json:"keys"`
}
AESConfig contains the API configuration for an AES transformer.
type BlockTransformerFunc
type BlockTransformerFunc func(cipher.Block) value.Transformer
BlockTransformerFunc takes an AES cipher block and returns a value transformer.
type CloudProvidedKMSConfig
type CloudProvidedKMSConfig struct {
	*CoreKMSConfig
}
CloudProvidedKMSConfig contains the name and cache size for a KMS based envelope transformer which uses the KMS provided by the cloud.
type CoreKMSConfig
type CoreKMSConfig struct {
	// name is the name of the KMS plugin to be used.
	Name string `json:"name"`
	// cacheSize is the maximum number of secrets which are cached in memory. The default value is 1000.
	// +optional
	CacheSize int `json:"cachesize,omitempty"`
}
CoreKMSConfig contains the name and cache size for a KMS based envelope transformer.
type EncryptionConfig
type EncryptionConfig struct {
	// kind is the type of configuration file.
	Kind string `json:"kind"`
	// apiVersion is the API version this file has to be parsed as.
	APIVersion string `json:"apiVersion"`
	// resources is a list containing resources, and their corresponding encryption providers.
	Resources []ResourceConfig `json:"resources"`
}
EncryptionConfig stores the complete configuration for encryption providers.
type Factory
Factory is a function that returns an envelope Service for encryption providers. The config parameter provides an io.Reader handler to the factory in order to load specific configurations. If no configuration is provided the parameter is nil.
type IdentityConfig
type IdentityConfig struct{}
IdentityConfig is an empty struct to allow identity transformer in provider configuration.
type KMSConfig
type KMSConfig struct {
	*CoreKMSConfig
	// configfile is the path to the configuration file for the named KMS provider.
	ConfigFile string `json:"configfile"`
}
KMSConfig contains the name, cache size and path to configuration file for a KMS based envelope transformer.
type KMSPlugins
type KMSPlugins struct {
	// contains filtered or unexported fields
}
KMSPlugins contains all registered KMS options.
func (*KMSPlugins) Register
func (ps *KMSPlugins) Register(name string, plugin Factory)
Register registers a plugin Factory by name. This is expected to happen during app startup.
func (*KMSPlugins) RegisterCloudProvidedKMSPlugin
func (ps *KMSPlugins) RegisterCloudProvidedKMSPlugin(cloudKMSGetter cloudKMSFactory)
RegisterCloudProvidedKMSPlugin registers the cloud's KMS provider as an envelope.Service. This service is provided by the cloudprovider interface.
type Key
type Key struct {
	// name is the name of the key to be used while storing data to disk.
	Name string `json:"name"`
	// secret is the actual key, encoded in base64.
	Secret string `json:"secret"`
}
Key contains name and secret of the provided key for a transformer.
type PluginEnabledFunc
PluginEnabledFunc is a function type that can provide an external check on whether an admission plugin may be enabled.
type ProviderConfig
type ProviderConfig struct {
	// aesgcm is the configuration for the AES-GCM transformer.
	AESGCM *AESConfig `json:"aesgcm,omitempty"`
	// aescbc is the configuration for the AES-CBC transformer.
	AESCBC *AESConfig `json:"aescbc,omitempty"`
	// secretbox is the configuration for the Secretbox based transformer.
	Secretbox *SecretboxConfig `json:"secretbox,omitempty"`
	// identity is the (empty) configuration for the identity transformer.
	Identity *IdentityConfig `json:"identity,omitempty"`
	// kms contains the name, cache size and path to configuration file for a KMS based envelope transformer.
	KMS *KMSConfig `json:"kms,omitempty"`
	// cloudProvidedKMSConfig contains the name and cache size for a KMS based envelope transformer which uses
	// the KMS provided by the cloud.
	CloudProvidedKMS *CloudProvidedKMSConfig `json:"cloudprovidedkms,omitempty"`
}
ProviderConfig stores the provided configuration for an encryption provider.
type ResourceConfig
type ResourceConfig struct {
	// resources is a list of kubernetes resources which have to be encrypted.
	Resources []string `json:"resources"`
	// providers is a list of transformers to be used for reading and writing the resources to disk.
	// eg: aesgcm, aescbc, secretbox, identity.
	Providers []ProviderConfig `json:"providers"`
}
ResourceConfig stores per resource configuration.
type SecretboxConfig
type SecretboxConfig struct {
	// keys is a list of keys to be used for creating the Secretbox transformer.
	// Each key has to be 32 bytes long.
	Keys []Key `json:"keys"`
}
SecretboxConfig contains the API configuration for a Secretbox transformer.
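As an added example (not code from this page or from the k8s.io/apiserver package), the validator below parses a JSON EncryptionConfig with the standard library only and applies the key rules stated in the Key, AESConfig and SecretboxConfig docs above: each secret must be valid base64, AES-GCM keys must decode to 16, 24 or 32 bytes, and AES-CBC and Secretbox keys to 32 bytes. The mirror types, keySizes, checkKeys and ValidateEncryptionConfig are assumptions of this example, not identifiers from the package.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)
// Mirrors of the config types documented on this page, assumed here so the example builds
// without k8s.io/apiserver; encoding/json matches the documented JSON keys case-insensitively.
type Key struct{ Name, Secret string } // Secret holds the raw key bytes, base64-encoded
type KeyedConfig struct{ Keys []Key }  // stands in for both AESConfig and SecretboxConfig
type ProviderConfig struct{ AESGCM, AESCBC, Secretbox *KeyedConfig }
type ResourceConfig struct {
	Resources []string
	Providers []ProviderConfig
}
// Permitted decoded key sizes per provider, as stated in the AESConfig and SecretboxConfig docs.
var keySizes = map[string]map[int]bool{"aesgcm": {16: true, 24: true, 32: true}, "aescbc": {32: true}, "secretbox": {32: true}}
// checkKeys base64-decodes every secret and rejects a key whose length is not permitted for provider.
func checkKeys(provider string, keys []Key) error {
	for _, k := range keys {
		raw, err := base64.StdEncoding.DecodeString(k.Secret)
		if err != nil {
			return fmt.Errorf("%s key %q: secret is not valid base64: %v", provider, k.Name, err)
		}
		if !keySizes[provider][len(raw)] {
			return fmt.Errorf("%s key %q: %d-byte key is not a permitted size", provider, k.Name, len(raw))
		}
	}
	return nil
}

// ValidateEncryptionConfig parses a JSON EncryptionConfig and checks every AES-GCM, AES-CBC and Secretbox key; nil means acceptable.
func ValidateEncryptionConfig(data []byte) error {
	var cfg struct{ Resources []ResourceConfig }
	if err := json.Unmarshal(data, &cfg); err != nil {
		return err
	}
	for _, r := range cfg.Resources {
		for _, p := range r.Providers {
			for name, c := range map[string]*KeyedConfig{"aesgcm": p.AESGCM, "aescbc": p.AESCBC, "secretbox": p.Secretbox} {
				if c != nil {
					if err := checkKeys(name, c.Keys); err != nil {
						return err
					}
				}
			}
		}
	}
	return nil
}
```

Identity and KMS provider entries carry no keys in the file, so the validator only parses past them; a file that names no provider at all in an entry is outside what this check covers.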